stigix

mcp
Security Audit
Warn
Health Warn
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 8 GitHub stars
Code Warn
  • network request — Outbound network request in engines/http_server.py
Permissions Pass
  • Permissions — No dangerous permissions requested


SUMMARY

Stigix is a lab platform to validate SD-WAN and SASE. It unifies SaaS traffic generation, security tests, convergence probes, and voice/IoT/VyOS simulations in one web UI.

README.md

Stigix


A modern web-based SD-WAN traffic generator with real-time monitoring, customizable traffic patterns, and comprehensive security testing. Perfect for testing SD-WAN deployments, network QoS policies, and application performance.


Why I built the Stigix tool

I built this tool after years of writing one-off scripts for SD-WAN and security POCs, and never finding a single lab platform that really matched what I see in the field.
With a long background in networking and security, I wanted something that could generate realistic mixes of web/SaaS, voice and IoT traffic, tie in security use cases, and still be simple enough for engineers, partners and customers to run on their own.
This project is my way to turn all that lab and demo experience into an open-source tool that helps people design, validate and troubleshoot modern SASE/SD-WAN deployments more effectively.


✨ Features

🚀 Traffic Generation

  • 67 Pre-configured Applications - Popular SaaS apps (Google, Microsoft 365, Salesforce, Zoom, etc.).
  • Realistic Traffic Patterns - Authentic HTTP requests with proper headers, User-Agents, and Referers
  • Real-time Dashboard - Live traffic visualization, metrics, and status monitoring
  • Weighted Distribution - Configure application traffic ratios using a visual Group/App percentage system
  • Traffic Rate Control - Dynamically adjust generation speed from 0.1s to 5s delay via a slider
  • Protocol & IP Flexibility - Support for explicit http:// or https:// and full IP address identification
  • Multi-interface Support - Bind to specific network interfaces
  • Voice Simulation (RTP) - Simulate real-time voice calls (G.711, G.729) with Scapy-based packet forging. Read more
  • Speedtest (XFR): High-performance throughput and latency validation with real-time telemetry. Learn more about XFR testing. 🚀
  • IoT/SaaS Emulation: Pre-populated application targets for SD-WAN policy verification.
  • IoT Simulation - Simulate a variety of IoT devices (Cameras, Sensors) with Scapy-based DHCP and ARP support for "Real-on-the-Wire" physical network presence. Includes Security Testing / Attack Mode to validate malicious behavior detection (DNS Flood, C2 Beacon, Port Scan, Data Exfiltration). Read more
  • Unified Source/Target Architecture - Every Stigix instance is versatile. It can simultaneously act as a Source (generating traffic) and a Target (responding to echo/bandwidth/SLA probes).
  • Active by Default - High-precision traffic and responsive services (Voice Echo, XFR, HTTP SLA) are started automatically upon deployment. Any instance can be used as a test target by any other instance.
  • Prisma SD-WAN Integration - Automatic discovery of sites and LAN interfaces via API for "Zero-Config" connectivity probes and path validation. Read more
  • Convergence Lab (Performance) - High-precision UDP failover monitoring (up to 100 PPS) to measure SD-WAN tunnel transition times. Read more
  • Smart Networking - Auto-detection of default gateways and interfaces (enp2s0, eth0) for a "Zero-Config" experience on physical Linux boxes. Read more
  • VyOS Control - Orchestrate network events and perturbations (latency, loss, rate-limiting, IP blocking) on VyOS routers via the VyOS API. Read more
  • Autodiscovery & Registry - Automatic peer-to-peer discovery using Cloudflare Workers. "Zero-Config" multi-node setup with stateless authentication. Read more 📡✨
  • Smart Identity - Automatic instance identification using system hostname. Simplifies deployment by reducing environment variables. 🆔
  • Target Site Mode - Standalone container acting as a branch/hub target with HTTP, Voice, Failover tests and Bandwidth services (IPerf AND XFR speedtest). Read more

🛡️ Security

  • URL Filtering Tests - Validate 66 different URL categories (malware, phishing, gambling, adult content, etc.)
  • DNS Security Tests - Test DNS security policies with 24 domains (malware, phishing, DGA, etc.)
  • Threat Prevention - EICAR file download testing for IPS validation
  • Scheduled Testing - Automated security tests at configurable intervals
  • EDL - IP, URL, DNS urls with sequential or random execution
  • Test Results History - Persistent logging with search, filtering, and export

📊 Monitoring & Analytics

  • Real-time Logs - Live log streaming with WebSocket updates
  • Statistics Dashboard - Success/failure rates, latency metrics, bandwidth tracking
  • Live VPN Topology Overlay - Real-time visualization of SD-WAN tunnels with path status (Active/Backup/Down) and HUB-specific filtering. Directly from Prisma SASE API.
  • Persistent Logging - JSONL storage with 7-day retention and auto-rotation
  • Search & Filter - Find specific tests quickly with powerful search
  • Export Capabilities - Download results in JSON, CSV, or JSONL format

🔧 Zero-Config Deployment

  • Auto-detection - Automatically detects network interfaces on first start
  • Auto-generated Config - Creates applications-config.json with 67 apps automatically
  • One-liner Install - Ready in 30 seconds with single command (Linux/macOS). Supports Dashboard or Target Site modes.
  • Docker-based - Pre-built multi-platform images (AMD64 + ARM64).
  • Export/Import Config - Clone application, probe, IoT, and VyOS configurations
  • One-Click Upgrade (Beta) - Built-in maintenance UI to pull latest images and restart services with a single click.

🔒 Production Ready

  • JWT Authentication - Secure login with token-based auth
  • Log Rotation - Automatic cleanup with configurable retention
  • Health Monitoring - Built-in healthchecks and dependency management
  • Resource Limits - Optional CPU and memory constraints

🆕 What's New

The project is evolving rapidly with new features and refinements added in every release.

Highlights in v1.2.1

  • Favicon System: Automated discovery and caching of SaaS application icons with intelligent fallback UI for enhanced dashboard visibility. 🌐✨
  • Speedtest (XFR): High-performance throughput and latency validation with real-time telemetry and searchable history.
  • IoT Security Testing: Bad behavior simulation for IoT devices (DNS Flood, C2 Beacon, Port Scan).
  • Live VPN Topology: Real-time visualization of SD-WAN overlay paths with intelligent peer device mapping and HUB filtering.
  • Site Discovery: Automatic discovery of Prisma SD-WAN LAN interfaces for path validation.
  • Traffic Volume History: Persistent metrics storage and historical visualization in the dashboard.
  • Probe Management Modal: Streamlined UI for adding/editing synthetic probes with improved validation and a functional Export button. 🛠️
  • Cloud Egress Context: Enhanced "System Info" tab with real-time public IP, geolocation, and ASN data for Cloud probes. 🌍
  • MCP Bridge Setup: New setup-bridge.sh script for automated local installation of the Claude MCP bridge. 🤖

View full changelog with all version details →


📸 Screenshots Gallery

Explore the application interface organized by feature area. Each category contains detailed screenshots showcasing the functionality.

🏠 Main Dashboard

Real-time monitoring, traffic control, and system health overview.

Main Dashboard

View all Main Dashboard screenshots → (2 images)


⚙️ Configuration

Network interfaces, traffic distribution, synthetic probes, and application management.

Configuration Management

View all Configuration screenshots → (2 images)


📊 Statistics

Traffic volume charts, success rates, and performance metrics.

Statistics Dashboard

View all Statistics screenshots → (1 image)


🛡️ Security Testing

URL filtering, DNS security, threat prevention validation, and test results history.

Security Testing

View all Security screenshots → (7 images)


🎯 Performance Monitoring

Connectivity performance, synthetic probes, and endpoint health tracking.

Performance Monitoring

View all Performance screenshots → (5 images)


🔌 IoT Simulation

Layer-2/3 device simulation with DHCP and ARP support.

IoT Simulation

View all IoT screenshots → (6 images)


🎙️ Voice Simulation

RTP packet generation, QoS analytics, and MOS scoring.

Voice Simulation

View all Voice screenshots → (3 images)


🔄 Failover Lab

High-precision UDP failover monitoring and convergence testing.

Failover Lab

View all Failover screenshots → (3 images)


🌐 VyOS Control

Network impairment orchestration (latency, loss, rate-limiting) on VyOS routers.

VyOS Control

View all VyOS Control screenshots → (5 images)


🌐 VPN Topology

Real-time visualization of SD-WAN overlay paths with intelligent peer device mapping and HUB filtering.

VPN Topology Overlay

View all Topology screenshots → (3 images)


🖥️ Platform Support

This application runs on:

  • 🐧 Linux - Docker Engine (Ubuntu, Debian, CentOS, etc.)
  • 🍎 macOS - Docker Desktop for Mac (macOS 11+)
  • 🪟 Windows - Docker Desktop with WSL 2 (Windows 10/11)

Windows Users: The one-liner installation script is not supported in PowerShell.
Please follow the Windows Installation Guide for step-by-step instructions.


📋 Prerequisites

Docker Installation Required

This application runs in Docker containers. You must have Docker installed and running before installation.

🐳 macOS

🪟 Windows

  • Install Docker Desktop for Windows with WSL 2
    • Complete guide: Windows Installation Guide
    • Requires Windows 10/11 64-bit
    • Important: WSL 2 must be enabled and Docker Desktop must be running

🐧 Linux (Ubuntu/Debian)

  • Install Docker Engine

✅ Verify Docker Installation

# Check Docker is running
docker --version
docker ps

# Expected output:
# Docker version 24.x.x or later
# CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS   PORTS   NAMES

🚀 Quick Start

One-Liner Install (Linux/macOS) ⭐

Requirements: Docker must be running (see Prerequisites above)

We provide an interactive installation script that configures the Stigix All-in-One container for your environment.

curl -sSL https://raw.githubusercontent.com/jsuzanne/stigix/main/install.sh | bash

What to expect:

🚀 Stigix (All-in-One) - Installation
==========================================
✅ Docker is running.
🐧 Platform: Native Linux detected. (Using host mode for full features)

📌 Choose Deployment Mode:
1) Both (Source + Target) [Default] - Runs Dashboard, Traffic Gen, and Echo targets
2) Target Only - Deploys only the Echo/XFR targets
3) Source Only - Deploys only the Dashboard and Traffic Gen
Select an option [1-3] (Default: 1): 1
🎯 Selected Mode: both
📦 Downloading Base Configuration from GitHub...
✅ Files prepared in /path/to/stigix
🔧 Pulling images and starting Stigix All-in-One...

This will:

  • ✅ Check if Docker is installed and running
  • ✅ Detect your OS to configure networking (Host for Linux, Bridge for Mac/WSL)
  • ✅ Let you choose your deployment mode (Interactive)
  • ✅ Pull the single, optimized jsuzanne/stigix:stable image
  • ✅ Start all necessary services automatically
  • ✅ Auto-generate configuration

Access: http://localhost:8080
Credentials: admin / admin (change after first login)

Advanced flags: You can bypass interactivity using --mode <both|source|target> or simulate the install with --dry-run. Example:
curl -sSL https://raw.githubusercontent.com/jsuzanne/stigix/main/install.sh | bash -s -- --mode target
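
A staged alternative to piping the installer straight into bash, as an added example that is not part of the Stigix repository: it saves install.sh to disk, rejects an empty or truncated download, points out the lines worth reading first, and uses the documented --dry-run before the real run. The function names, the local filename, the review pattern and the combination of --dry-run with --mode are assumptions.

```bash
#!/bin/sh
# Added example (not part of the Stigix repository): stage install.sh on disk,
# check and review it, dry-run it, and only then execute the reviewed copy.

INSTALL_URL="https://raw.githubusercontent.com/jsuzanne/stigix/main/install.sh"

# Reject an empty file or one that does not parse as bash. A download cut off
# mid-construct fails here, whereas "curl | bash" would already have executed
# every complete command received before the connection dropped.
preflight() {
    [ -s "$1" ] || { echo "empty download: $1" >&2; return 1; }
    bash -n "$1" || { echo "not a complete bash script: $1" >&2; return 1; }
}

# List numbered lines that escalate privileges, fetch more code, or change the
# host, as a starting point for reading the script (not a substitute for it).
review_hints() {
    grep -nE 'sudo|curl|wget|docker|chmod|chown|eval|systemctl' "$1" || true
}

# staged_install [installer flags], e.g. staged_install --mode target
staged_install() {
    dest=./stigix-install.sh                          # hypothetical local filename
    curl -fsSL -o "$dest" "$INSTALL_URL" || return 1  # -f: fail on HTTP errors
    preflight "$dest" || return 1
    openssl dgst -sha256 "$dest"                      # record which copy was reviewed
    review_hints "$dest"
    # Assumption: --dry-run can be combined with --mode.
    bash "$dest" --dry-run "$@" || return 1
    printf 'Run the real install from %s? [y/N] ' "$dest"
    read -r answer
    if [ "$answer" = y ]; then bash "$dest" "$@"; fi
}

# Only touch the network when asked to: sh staged-install.sh --install --mode target
if [ "${1:-}" = "--install" ]; then
    shift
    staged_install "$@"
fi
```
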

Windows Users: The one-liner installation script is not supported in PowerShell. Please follow the Windows Installation Guide for step-by-step instructions.


Manual Install (Advanced)

If you prefer not to use the install script, you can download the compose file manually.

mkdir -p stigix && cd stigix
# Download the consolidated compose file
curl -sSL -o docker-compose.yml https://raw.githubusercontent.com/jsuzanne/stigix/main/docker-compose.yml
# Start the All-in-One container
docker compose up -d

Consolidated Architecture: Stigix is now distributed as a single All-in-One image (jsuzanne/stigix) managed by supervisord. This simplifies deployment and ensures all components (Dashboard, Traffic Gen, Voice, Echo, XFR, MCP) are always in sync.

Windows (PowerShell):

# Create directory
mkdir C:\stigix
cd C:\stigix

# Download bridge mode compose file
curl.exe -L https://raw.githubusercontent.com/jsuzanne/stigix/main/docker-compose.example.bridge.yml -o docker-compose.yml

# Start services
docker compose up -d

Default credentials: admin / admin

For detailed Windows instructions, see Windows Installation Guide


📊 Verify Installation

# go to directory
cd stigix/

# Check containers status
docker compose ps

# Check logs (should be clean, no [ERROR] messages)
docker compose logs -f

# Check health endpoint
curl http://localhost:8080/api/health
# Expected: {"status":"healthy","version":"1.1.0-patch.7"}

# Check auto-generated config
ls -la config/
cat config/interfaces.txt  # Your auto-detected interface
jq '.applications[]' config/applications-config.json | head -5  # 67 applications

Expected: No [ERROR] messages in logs ✅


🎯 What Happens on First Start?

The system auto-generates everything you need:

  1. config/applications-config.json - 67 popular SaaS applications (Google, Microsoft 365, Salesforce, etc.) and traffic control settings.
  2. config/interfaces.txt - Auto-detected network interface (eth0, en0, ens4, etc.)
  3. config/users.json - Default admin user with bcrypt-hashed password

No manual configuration needed! 🎉

Simply start the containers and access the dashboard at http://localhost:8080


📖 Usage

Managing Traffic Generation

  1. Login to the web dashboard at http://localhost:8080
  2. Dashboard Tab: View real-time statistics and control traffic generation
  3. Configuration Tab:
    • Add network interfaces (e.g., eth0, wlan0)
    • Adjust traffic distribution percentages for different application categories
    • Use explicit http:// or https:// prefixes for internal or specific servers
  4. Logs Tab: View real-time traffic logs and statistics
  5. Security Tab: Run URL filtering, DNS security, and threat prevention tests
  6. Start/Stop: Use the toggle button on the dashboard

Running Security Tests

Navigate to the Security tab to:

  • Test URL categories (malware, phishing, gambling, etc.)
  • Validate DNS security policies
  • Test IPS/threat prevention with EICAR downloads
  • Schedule automated tests
  • View and export test results

🔧 Configuration

🌐 Prisma SD-WAN Integration (Auto-detect)

The tool supports auto-detection of your Prisma SD-WAN site name for lab visibility.

  1. Create a service account in Prisma SASE (TSG) with Read Only permissions.
  2. Add the following to your .env file:
    PRISMA_SDWAN_CLIENT_ID=your-client-id@tsgid.iam.panserviceaccount.com
    PRISMA_SDWAN_CLIENT_SECRET=your-client-secret
    PRISMA_SDWAN_TSG_ID=your-tsg-id
    
  3. Restart the container. The detected site name will appear in the dashboard header.

Change Port

# docker-compose.yml
ports:
  - "8081:8080"  # Use port 8081 instead of 8080

Or use environment variables:

# Append so existing .env entries (e.g. PRISMA_SDWAN_*) are preserved
echo "WEB_UI_PORT=8081" >> .env

Add Custom Connectivity Tests

# docker-compose.yml - web-ui environment section
environment:
  # HTTP/HTTPS endpoints
  - CONNECTIVITY_HTTP_1=Production-App:https://myapp.company.com
  - CONNECTIVITY_HTTP_2=Staging-App:https://staging.company.com

  # PING tests (ICMP)
  - CONNECTIVITY_PING_1=HQ-Gateway:10.0.0.1
  - CONNECTIVITY_PING_2=Branch-Gateway:192.168.100.1

  # TCP port checks
  - CONNECTIVITY_TCP_1=SSH-Bastion:10.0.0.100:22
  - CONNECTIVITY_TCP_2=Database:10.0.0.50:3306

Adjust Traffic Frequency

# docker-compose.yml - traffic-gen environment section
environment:
  - SLEEP_BETWEEN_REQUESTS=2  # 1 request every 2 seconds (0.5 req/sec)

Change Log Retention

# docker-compose.yml - web-ui environment section
environment:
  - LOG_RETENTION_DAYS=30  # Keep logs for 30 days
  - LOG_MAX_SIZE_MB=500    # Max 500 MB per log file

🛠️ Useful Commands

# View logs in real-time
docker compose logs -f

# View logs for a specific service
docker compose logs -f web-ui
docker compose logs -f traffic-gen

# Restart services
docker compose restart

# Stop services
docker compose stop

# Stop and remove containers
docker compose down

# Rebuild after code changes
docker compose up -d --build

# Check resource usage
docker stats stigix

# Access container shell
docker compose exec web-ui sh
docker compose exec traffic-gen sh

# Export logs
docker compose logs --no-color > logs-export.txt

🏗️ Architecture

┌─────────────────────────────────────────────────────────────┐
│                     User Browser                            │
│                  http://localhost:8080                      │
└────────────────────────┬────────────────────────────────────┘
                         │
                         ▼
        ┌────────────────────────────────────────┐
        │        Stigix All-in-One Container     │
        │   ┌──────────────────────────────┐     │
        │   │    Web Dashboard (React)     │     │
        │   └──────────────┬───────────────┘     │
        │                  ▼                     │
        │   ┌──────────────────────────────┐     │
        │   │  Backend API (Node.js/Exp)   │     │
        │   └──────────────┬───────────────┘     │
        │                  ▼                     │
        │   ┌──────────────────────────────┐     │
        │   │   Traffic Generator (Python) │     │
        │   └──────────────┬───────────────┘     │
        │                  ▼                     │
        │   ┌──────────────────────────────┐     │
        │   │   Target Services (HTTP/XFR) │     │
        │   └──────────────┬───────────────┘     │
        └──────────────────┼─────────────────────┘
                           │
                           ▼
        ┌────────────────────────────────────────┐
        │         Internet / SD-WAN              │
        └────────────────────────────────────────┘

Shared Volumes:
  • config/  - Unified configuration (apps, probes, prisma, vyos)
  • logs/    - Traffic logs and statistics
  • mcp-data/ - Persistence for MCP server state

🐛 Troubleshooting

Docker Not Running

Error: Cannot connect to the Docker daemon

Solution:

  • macOS/Windows: Launch Docker Desktop and wait until the 🐳 icon appears
  • Linux: sudo systemctl start docker
  • Windows specific issues: See Windows Installation Guide

Docker Pull Timeout

Error: context deadline exceeded

Solution:

# Retry the pull
docker compose pull

# Or manually pull images
docker pull jsuzanne/stigix:stable

Port 8080 already in use

# Change port in docker-compose.yml
ports:
  - "8081:8080"

Or:

# Append so existing .env entries (e.g. PRISMA_SDWAN_*) are preserved
echo "WEB_UI_PORT=8081" >> .env
docker compose up -d

Cannot connect to dashboard

# Check containers are running
docker compose ps

# Check logs for errors
docker compose logs web-ui
docker compose logs traffic-gen

# Check firewall (Linux)
sudo ufw allow 8080/tcp

Traffic not generating

# Check network interface configuration
docker compose exec traffic-gen cat /opt/sdwan-traffic-gen/config/interfaces.txt

# Should show your interface (eth0, en0, ens4, etc.)
# If incorrect, edit config/interfaces.txt and restart
docker compose restart

[ERROR] Configuration file not found

This error should NOT appear in v1.1.0-patch.7 or later. If you see it:

# Update to latest version
docker compose pull
docker compose down
docker compose up -d

Logs filling up disk space

# Reduce retention in docker-compose.yml
environment:
  - LOG_RETENTION_DAYS=3
  - LOG_MAX_SIZE_MB=50

No Traffic Being Generated

  1. Check that network interfaces are configured in the Configuration tab
  2. Verify traffic generation is started (green "Active" status on dashboard)
  3. Check logs: docker compose logs -f traffic-gen

Traffic Fails in Proxmox/LXC/Host Mode

Issue: Stigix traffic fails to start or network operations (like Voice/IoT simulation) fail when running in Host Network mode on certain virtualized stacks (Proxmox → LXC → Ubuntu → Docker).

Solution: This is often due to insufficient container privileges for low-level network operations (NET_ADMIN, NET_RAW).

  • Trusted Lab Fix: Enable privileged: true in your docker-compose.yml for the Stigix container.
  • Alternative: Add specific capabilities:
    cap_add:
      - NET_ADMIN
      - NET_RAW
    

Warning: Use privileged: true only in trusted lab setups, as it significantly reduces container isolation and increases host security risk.


🔒 Security

Production Deployment Checklist

  • Change default admin password (Dashboard → Settings)
  • Set strong JWT_SECRET in docker-compose.yml
  • Use HTTPS with a reverse proxy (nginx, Traefik, Caddy)
  • Restrict access with firewall rules
  • Enable Docker resource limits
  • Review and customize application list
  • Set appropriate log retention policies

JWT Secret

# docker-compose.yml - web-ui environment
environment:
  - JWT_SECRET=your-super-secure-random-string-here

Generate a secure secret:

openssl rand -base64 32
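
One way to check a compose file against the checklist above and against the privileged/cap_add advice in the Proxmox troubleshooting entry, as an added example that is not part of the Stigix repository. The function names, the 32-character minimum, the loopback port binding, the service name stigix and both sample files are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example (not part of the Stigix repository): static pre-flight audit of a
# docker-compose.yml. Prints one finding per line, nothing when the file passes.

PLACEHOLDER='your-super-secure-random-string-here'  # value shown in the README
MIN_SECRET_LEN=32                                   # assumption: minimum accepted length

audit_compose() {
    file=$1
    # 1. JWT_SECRET must be set, must not be the README placeholder, and must be long.
    secret=$(sed -n -E 's/^[[:space:]]*(-[[:space:]]*)?JWT_SECRET[=:][[:space:]]*//p' "$file" \
        | sed -E 's/[[:space:]]+#.*$//' | tr -d "\"'" | head -n 1)
    case $secret in
        '')             echo "JWT_SECRET: not set" ;;
        "$PLACEHOLDER") echo "JWT_SECRET: README placeholder still in use" ;;
        \$*)            : ;;  # interpolated from .env; audit that file instead
        *)  [ "${#secret}" -ge "$MIN_SECRET_LEN" ] ||
                echo "JWT_SECRET: shorter than $MIN_SECRET_LEN characters" ;;
    esac
    # 2. privileged: true reduces container isolation; the README's alternative
    #    is cap_add with NET_ADMIN and NET_RAW only.
    if grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$file"; then
        echo "privileged: true is set; use cap_add NET_ADMIN/NET_RAW instead"
    fi
    # 3. "HOST:CONTAINER" port entries listen on every host interface. Behind a
    #    reverse proxy, bind to loopback ("127.0.0.1:HOST:CONTAINER").
    tr -d "\"'" < "$file" \
        | grep -E '^[[:space:]]*-[[:space:]]*[0-9]+:[0-9]+(/(tcp|udp))?[[:space:]]*(#.*)?$' \
        | sed -E 's/^[[:space:]]*-[[:space:]]*//; s/[[:space:]]*#.*$//' \
        | while read -r mapping; do
              echo "ports: $mapping is published on all host interfaces"
          done
}

# Constructed sample files (the service name "stigix" is an assumption).
sample_weak() {
    cat <<'EOF'
services:
  stigix:
    image: jsuzanne/stigix:stable
    privileged: true
    ports:
      - "8080:8080"
    environment:
      - JWT_SECRET=your-super-secure-random-string-here
EOF
}

sample_hardened() {
    cat <<'EOF'
services:
  stigix:
    image: jsuzanne/stigix:stable
    cap_add:
      - NET_ADMIN
      - NET_RAW
    ports:
      - "127.0.0.1:8080:8080"
    environment:
      - JWT_SECRET=CONSTRUCTED-EXAMPLE-ONLY-0123456789abcdefghij
EOF
}

# Usage: pass a compose file to audit it; with no argument the weak sample is audited.
if [ -n "${1:-}" ]; then
    audit_compose "$1"
else
    tmp=$(mktemp) && sample_weak > "$tmp" && audit_compose "$tmp"; rm -f "$tmp"
fi
```

The port check only matters in bridge mode; with host networking the ports section is not used, so the firewall rules from the checklist are what restrict access.
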

🔑 Key Concepts

Traffic Generator vs Security Tests

Stigix has two separate systems:

| Feature   | Traffic Generator                      | Security Tests                    |
|-----------|----------------------------------------|-----------------------------------|
| Purpose   | Simulate user traffic                  | Test security policies            |
| Source    | config/applications-config.json        | Hardcoded test URLs               |
| Execution | Continuous background                  | On-demand or scheduled            |
| Logs      | /var/log/sdwan-traffic-gen/traffic.log | test-results.jsonl                |
| Examples  | google.com, office365.com              | urlfiltering.paloaltonetworks.com |

Traffic Generator creates realistic application traffic for SD-WAN demos.
Security Tests validate URL filtering, DNS security, and threat prevention policies.


📦 Docker Images

Official Image (All-in-One)

The recommended deployment method uses a single unified image encompassing all components:

All images are automatically built for AMD64 and ARM64 architectures.


📚 Documentation

Comprehensive guides organized by your journey with Stigix.

🚀 Getting Started

🎯 Core Features

🔬 Advanced Features

🔧 Operations & Maintenance

📖 Technical Reference


🎯 Use Cases

  • SD-WAN Testing - Validate traffic routing, QoS policies, and failover scenarios
  • Security Policy Testing - Test URL filtering, DNS security, and threat prevention
  • Network Performance - Measure latency, bandwidth, and reliability
  • Firewall Validation - Verify firewall rules and application awareness
  • Load Testing - Generate sustained traffic for capacity planning
  • Demo & Training - Educational tool for network engineers and sales demonstrations
  • Compliance - Verify network policies and application access controls

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Development Setup

# Clone repository
git clone https://github.com/jsuzanne/stigix.git
cd stigix

# Install web dashboard dependencies
cd web-dashboard
npm install

# Run in development mode
npm run dev

# Build for production
npm run build

📈 Roadmap

  • Multi-region deployment support
  • Advanced traffic patterns (burst, gradual ramp-up)
  • Custom protocol support (DNS, FTP, SMTP, etc.)
  • Grafana/Prometheus integration
  • API for programmatic control
  • Traffic replay from PCAP files
  • Cloud provider integrations (AWS, Azure, GCP)
  • WebRTC and video streaming simulation
  • Custom security test categories
  • PowerShell installation script for Windows

Disclaimer

This is a personal, community-driven project maintained in my own name.
It is not an official Palo Alto Networks product, feature, or tool, and it is
not supported by Palo Alto Networks in any way.

All opinions, configurations, and examples in this repository are my own and do
not represent the views of my employer. Use this software at your own risk and
always validate behavior in a lab environment before using it in production.

This project is provided "as is", without any warranty of any kind, express or
implied, including but not limited to fitness for a particular purpose or
non-infringement.


📝 License

This project is licensed under the MIT License - see the LICENSE file for details.


🆘 Support


🙏 Acknowledgments


Made with ❤️ for SD-WAN testing and demonstrations

For detailed installation instructions, see INSTALLATION.md
For Windows-specific setup, see Windows Installation Guide
